Sometimes good change comes from compliance. More than once I’ve seen major product resource shift to address major cybersecurity gaps, in response to a compliance led audit.

Compliance is not security, but engineers, especially solo ones tend to have their blinkers on when they’re trying to build something to first work.